A quick note to anyone being bitten by this bug fix: you can easily search which of your JSPs (*.jsp*) need to be updated with the following regular expression (take a deep breath):
<\w+:[^>]+="[^<"]*<%=[^%]*"|<\w+:[^>]+='[^<']*<%=[^%]*'
Unfortunately, I haven't found a way to automatically fix JSPs, but at least you (hopefully) won't forget any!

Mark,
I am using Tomcat 5.5.27 on Linux but still facing the problem.
I am using c:ret tld and using following code in my abc.jsp,
<c-rt:set var="currUrl" value="<%=request.getAttribute((String)pageContext.getAttribute("param")+"_Url")%>" />
While jsp compilation , I am getting following error,
org.apache.jasper.JasperException: file:browser/abc.jsp(51,42) Attribute value request.getAttribute((String)pageContext.getAttribute("param")+"_Url") is quoted with " which must be escaped when used within the value.
When I modify the code with escape character it works fine.This is my modified code,
<c-rt:set var="currUrl" value="<%=request.getAttribute((String)pageContext.getAttribute(\"param\")+\"_Url\")%>" />
According to comment # 4 this issue is resolved. But I am not sure if it is resolved for Linux version of Tomcat 5.5.27 too.
Let me know if you need more info on this.
One quick question , Do I have to set any Tomcat JVM options to get rid of the issue temporarily??

I see the same issue for some files having nested quotes and dont see it for some other files having the same kind of nested quoting.
The kind of quoting giving the problem is mentioned in my previous comment.
But the following seam to the working.
id="<%= c.var("ActivityBanner.Name") %><%= c.var("ActivityBanner.Index") %>"
I don't see any particular standard way in which it fails. Both the cases i have used tomcat 5.5.27

Thanks to Cedric for the helpful regex. I've modified it a bit so it can actually be used to replace and fix (most) instances of this problem automatically. If you have an IDE that supports regex replace (I used IDEA), do a replace in path for this regex:
(<\w+:(?:[^>]|<%=[^%]+%>)+=)"([^<"]*<%=[^%]*"[^%]*%>[^"]*)"
For the replacement text, enter:
$1'$2'
Doing this was a necessity for me as I had to make thousands of changes to over 300 JSP files on the code base I'm working on. I have to say I think this should have been implemented as an opt-in fix via a config or something, rather than breaking backward compatibility for every tomcat user. Please be more careful in the future guys. We rely on you to not do things like this to us.

Ok. I guess I should have read this thread a little more carefully before spending hours fixing all this. So there is an opt-out for the strict parsing.
http://tomcat.apache.org/tomcat-5.5-doc/config/systemprops.html
Too late for me. Maybe it would be helpful to put something like "or disable strict quote checking" in the error message?

You can add this config option to the file "catalina.properties" which is in the directory of "%tomcat_home%/conf",as follows:
org.apache.jasper.compiler.Parser.STRICT_QUOTE_ESCAPING=false
And the problem will be resolved
(In reply to comment #3)
> A quick note to anyone being bitten by this bug fix: you can easily search
> which of your JSPs (*.jsp*) need to be updated with the following regular
> expression (take a deep breath):
>
> <\w+:[^>]+="[^<"]*<%=[^%]*"|<\w+:[^>]+='[^<']*<%=[^%]*'
>
> Unfortunately, I haven't found a way to automatically fix JSPs, but at least
> you (hopefully) won't forget any!

Test in TC 6.0.26, the "strip quote escaping Parser" didn't work.
-- JUST use this testing code
<mytags:tag value="<%= "hi!" %>" />
-- I setup a jspc command line to debug the JspC
-- Then I reaches this stack frames
main@1, prio=5, in group 'main', status: 'RUNNING'
at org.apache.jasper.compiler.AttributeParser.getUnquoted(AttributeParser.java:54)
at org.apache.jasper.compiler.Parser.parseAttributeValue(Parser.java:249)
at org.apache.jasper.compiler.Parser.parseAttribute(Parser.java:205)
at org.apache.jasper.compiler.Parser.parseAttributes(Parser.java:148)
at org.apache.jasper.compiler.Parser.parseCustomTag(Parser.java:1204)
at org.apache.jasper.compiler.Parser.parseElementsScriptless(Parser.java:1467)
at org.apache.jasper.compiler.Parser.parseElements(Parser.java:1385)
at org.apache.jasper.compiler.Parser.parseBody(Parser.java:1630)
at org.apache.jasper.compiler.Parser.parseOptionalBody(Parser.java:974)
at org.apache.jasper.compiler.Parser.parseCustomTag(Parser.java:1242)
at org.apache.jasper.compiler.Parser.parseElementsScriptless(Parser.java:1467)
at org.apache.jasper.compiler.Parser.parseElements(Parser.java:1385)
at org.apache.jasper.compiler.Parser.parseBody(Parser.java:1630)
at org.apache.jasper.compiler.Parser.parseOptionalBody(Parser.java:974)
at org.apache.jasper.compiler.Parser.parseCustomTag(Parser.java:1242)
at org.apache.jasper.compiler.Parser.parseElementsScriptless(Parser.java:1467)
at org.apache.jasper.compiler.Parser.parseElements(Parser.java:1385)
at org.apache.jasper.compiler.Parser.parseBody(Parser.java:1630)
at org.apache.jasper.compiler.Parser.parseOptionalBody(Parser.java:974)
at org.apache.jasper.compiler.Parser.parseCustomTag(Parser.java:1242)
at org.apache.jasper.compiler.Parser.parseElementsScriptless(Parser.java:1467)
at org.apache.jasper.compiler.Parser.parseBody(Parser.java:1633)
at org.apache.jasper.compiler.Parser.parseJspBody(Parser.java:1584)
at org.apache.jasper.compiler.Parser.parseJspAttributeAndBody(Parser.java:1001)
at org.apache.jasper.compiler.Parser.parseOptionalBody(Parser.java:972)
at org.apache.jasper.compiler.Parser.parseCustomTag(Parser.java:1242)
at org.apache.jasper.compiler.Parser.parseElements(Parser.java:1418)
at org.apache.jasper.compiler.Parser.parse(Parser.java:130)
at org.apache.jasper.compiler.ParserController.doParse(ParserController.java:255)
at org.apache.jasper.compiler.ParserController.parse(ParserController.java:103)
at org.apache.jasper.compiler.Compiler.generateJava(Compiler.java:185)
at org.apache.jasper.compiler.Compiler.compile(Compiler.java:347)
at org.apache.jasper.JspC.processFile(JspC.java:1182)
at org.apache.jasper.JspC.execute(JspC.java:1331)
at sun.reflect.NativeMethodAccessorImpl.invoke0(NativeMethodAccessorImpl.java:-1)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.tools.ant.dispatch.DispatchUtils.execute(DispatchUtils.java:105)
at org.apache.tools.ant.TaskAdapter.execute(TaskAdapter.java:134)
at org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:288)
at sun.reflect.NativeMethodAccessorImpl.invoke0(NativeMethodAccessorImpl.java:-1)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.tools.ant.dispatch.DispatchUtils.execute(DispatchUtils.java:105)
at org.apache.tools.ant.Task.perform(Task.java:348)
at org.apache.tools.ant.Target.execute(Target.java:357)
at org.apache.tools.ant.Target.performTasks(Target.java:385)
at org.apache.tools.ant.Project.executeSortedTargets(Project.java:1329)
at org.apache.tools.ant.Project.executeTarget(Project.java:1298)
at org.apache.tools.ant.helper.DefaultExecutor.executeTargets(DefaultExecutor.java:41)
at org.apache.tools.ant.Project.executeTargets(Project.java:1181)
at org.apache.tools.ant.Main.runBuild(Main.java:698)
at org.apache.tools.ant.Main.startAnt(Main.java:199)
at org.apache.tools.ant.launch.Launcher.run(Launcher.java:257)
at org.apache.tools.ant.launch.Launcher.main(Launcher.java:104)
-- In this frame: parseAttributeValue(Parser.java:249) -
The method signature is: private String parseAttributeValue(String watch) throws JasperException
We can see the parameter (watch)'s value is three characters: '%', '>', '"'
So after this code fragment executed
-> 245 char quote = 0;
-> 246 if (watch.length() == 1) {
-> 247 quote = watch.charAt(0);
-> 248 }
the "quote" variable is actually 0
so event the system property "org.apache.jasper.compiler.Parser.STRICT_QUOTE_ESCAPING" isn't set to "false"
the strit parser didn't report for this problem
-> (codes in org.apache.jasper.compiler.AttributeParser)
-> 307 } else if (ch == quote && strict) {
-> 308 String msg = Localizer.getMessage("jsp.error.attribute.noescape",
-> 309 input, ""+ quote);
-> 310 throw new IllegalArgumentException(msg);
-> 311 } else {
the line 307's condition should never be evaluated to "true"

adding org.apache.jasper.compiler.Parser.STRICT_QUOTE_ESCAPING=false in catalina.properties worked for me
Thanks to (In reply to comment #13)
> You can add this config option to the file "catalina.properties" which is in
> the directory of "%tomcat_home%/conf",as follows:
> org.apache.jasper.compiler.Parser.STRICT_QUOTE_ESCAPING=false
> And the problem will be resolved
> (In reply to comment #3)
> > A quick note to anyone being bitten by this bug fix: you can easily search
> > which of your JSPs (*.jsp*) need to be updated with the following regular
> > expression (take a deep breath):
> >
> > <\w+:[^>]+="[^<"]*<%=[^%]*"|<\w+:[^>]+='[^<']*<%=[^%]*'
> >
> > Unfortunately, I haven't found a way to automatically fix JSPs, but at least
> > you (hopefully) won't forget any!
Worked for me, thanks !!

This is ASF Bugzilla: the Apache Software Foundation bug system. In case
of problems with the functioning of ASF Bugzilla, please contact
bugzilla-admin@apache.org.
Please Note: this e-mail address is only for reporting problems
with ASF Bugzilla. Mail about any other subject will be silently
ignored.